NAME¶
cf-promises - validate and analyze CFEngine policy code
SYNOPSIS¶
cf-promises [
OPTION]... [
FILE]
DESCRIPTION¶
cf-promises is a tool for checking CFEngine policy code. It operates by first
parsing policy code checing for syntax errors. Second, it validates the
integrity of policy consisting of multiple files. Third, it checks for
semantic errors, e.g. specific attribute set rules. Finally, cf-promises
attempts to expose errors by partially evaluating the policy, resolving as
many variable and classes promise statements as possible. At no point does
cf-promises make any changes to the system.
OPTIONS¶
- --eval-functions, -?
- Evaluate functions during syntax checking (may catch more run-time
errors). Possible values: 'yes', 'no'. Default is 'yes'
- --show-classes, -?
- Show discovered classes, including those defined in common bundles in
policy
- --show-vars, -?
- Show discovered variables, including those defined without dependency to
user-defined classes in policy
- --help, -h
- Print the help message
- --bundlesequence, -b
- Use the specified bundlesequence for verification
- --debug, -d
- Enable debugging output
- --verbose, -v
- Output verbose information about the behaviour of the agent
- --dry-run, -n
- All talk and no action mode - make no changes, only inform of promises not
kept
- --version, -V
- Output the version of the software
- --file, -f
- Specify an alternative input file than the default
- --define, -D
- Define a list of comma separated classes to be defined at the start of
execution
- --negate, -N
- Define a list of comma separated classes to be undefined at the start of
execution
- --inform, -I
- Print basic information about changes made to the system, i.e. promises
repaired
- --diagnostic, -x
- Activate internal diagnostics (developers only)
- --reports, -r
- Generate reports about configuration and insert into CFDB
- --policy-output-format, -p
- Output the parsed policy. Possible values: 'none', 'cf', 'json'. Default
is 'none'. (experimental)
- --syntax-description, -s
- Output a document describing the available syntax elements of CFEngine.
Possible values: 'none', 'json'. Default is 'none'.
- --full-check, -c
- Ensure full policy integrity checks
- --warn, -W
- Pass comma-separated <warnings>|all to enable non-default warnings,
or error=<warnings>|all
- --legacy-output, -l
- Use legacy output format
- --color, -C
- Enable colorized output. Possible values: 'always', 'auto', 'never'. If
option is used, the default value is 'auto'
- --tag-release, -T
- Tag a directory with promises.cf with cf_promises_validated and
cf_promises_release_id
CFENGINE¶
CFEngine provides automated configuration management of large-scale computer
systems. A system administrator describes the desired state of a system using
CFEngine policy code. The program
cf-agent reads policy code and
attempts to bring the current system state to the desired state described.
Policy code is downloaded by
cf-agent from a
cf-serverd daemon.
The daemon
cf-execd is responsible for running
cf-agent
periodically.
Documentation for CFEngine is available at
http://cfengine.com/documentation/.
PROMISE THEORY¶
CFEngine is built on principles from promise theory, proposed by Mark Burgess in
2004. Promise theory is a model of voluntary cooperation between individual,
autonomous actors or agents who publish their intentions to one another in the
form of promises. A promise is a declaration of intent whose purpose is to
increase the recipient's certainty about a claim of past, present or future
behaviour. For a promise to increase certainty, the recipient needs to trust
the promiser, but trust can also be built on the verification that previous
promises have been kept, thus trust plays a symbiotic relationship with
promises.
For an introduction to promise theory, please see
http://arxiv.org/abs/0810.3294/
AVAILABILITY¶
cf-promises is part of CFEngine.
Binary packages may be downloaded from
http://cfengine.com/downloads/.
The source code is available at
http://github.com/cfengine/
BUGS¶
Please see the public bug-tracker at
http://bug.cfengine.com/.
GitHub pull-requests may be submitted to
http://github.com/cfengine/core/.
SEE ALSO¶
cf-promises(8),
cf-agent(8),
cf-serverd(8),
cf-execd(8),
cf-monitord(8),
cf-runagent(8),
cf-key(8)
AUTHOR¶
Mark Burgess and CFEngine AS